A California congresswoman who has been pressing her colleagues to better protect consumers from computer hackers said yesterday it is “pretty obvious” Citigroup did not notify its customers in a timely fashion about the recent cyber attack on the bank that resulted in the exposure of personal information on 200,000 people.

Citi didn’t notify customers for months — and then only in vague “Dear Customer” letters sent last week.

“Americans have a right to know when their personal information has been compromised, and companies have an overriding responsibility to promptly alert them,” Ken Johnson, a spokesman for Rep. Mary Bono Mack (R-Calif.), wrote in an e-mail response to questions yesterday. “It’s pretty obvious this did not happen in the breach which occurred at Citigroup.”

Sony, the target of a cyber attack in April, didn’t alert users of its network until a week after discovering it.

Bono Mack has been vocal about doing more to protect customers in this age of increased hacker sophistication and cybercrimes. Her Subcommittee on Commerce, Manufacturing and Trade has been holding hearings on the consumer data vulnerabilities, and she is drafting legislation to “make certain consumers are better safeguarded in the future,” according to Johnson.

Bono Mack was critical of Sony’s silence in the immediate aftermath of the hack that exposed data of more than 100 million customers, and now she is similarly vexed by Citigroup’s response.

There is no federal law that forces companies to disclose potentially threatening data breaches, according to Purdue professor Gene Spafford.